I’m fiddling with sqlmap and it gives a working injected (My)SQL query:
SELECT *
FROM `news`
WHERE ( content LIKE ? )
ORDER BY id
AND
(SELECT 8183
FROM (SELECT( Sleep(1) )) dyYQ)
But I fail to understand what this query means, mainly the ORDER BY id AND (SELECT part.
I understand both parts before and after AND, but I never knew AND could join two clauses.
I checked the MySQL docs; ORDER BY followed by AND and a subquery does not look like legal syntax.
>Solution :
The query is valid in MySQL, syntax-wise. You can use any expression as the operands of the AND operator. The result will be 1 or 0.
SELECT 1 AND (SELECT 1) -- 1
SELECT 1 AND (SELECT 0) -- 0
Plus, the ... AND ... expression itself could be used in ORDER BY.
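An added example, not part of the original question or answer: it shows that the database parses the tail as `ORDER BY (id AND (subquery))`, so the whole thing is one sort-key expression, and then an allowlist check for the sort column, since ORDER BY cannot take a bound parameter. It assumes SQLite as a stand-in for MySQL (AND yields 1 or 0 in both here), replaces `Sleep(1)` with the constant `1`, and uses constructed rows; `sort_keys`, `search` and `ALLOWED_SORT` are hypothetical names.

```python
import sqlite3

# Assumption: the only columns the application lets users sort by.
ALLOWED_SORT = {"id", "content"}

# The ORDER BY tail from the question, with Sleep(1) replaced by 1.
ORDER_TAIL = "id AND (SELECT 8183 FROM (SELECT 1) dyYQ)"


def make_db():
    """In-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, content TEXT)")
    db.executemany(
        "INSERT INTO news VALUES (?, ?)",
        [(3, "c news"), (1, "a news"), (2, "b news")],
    )
    return db


def sort_keys(db, order_expr):
    """Return (id, key) rows, where key is the value ORDER BY sorts on.

    order_expr is concatenated on purpose to reproduce how the statement
    in the question came to exist; this is the pattern to avoid.
    """
    sql = (
        f"SELECT id, ({order_expr}) FROM news "
        f"WHERE (content LIKE ?) ORDER BY {order_expr}"
    )
    return db.execute(sql, ("%news%",)).fetchall()


def search(db, pattern, sort_by="id"):
    """Hardened form: bind the LIKE value, allowlist the sort column."""
    if sort_by not in ALLOWED_SORT:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    sql = f"SELECT id FROM news WHERE (content LIKE ?) ORDER BY {sort_by}"
    return db.execute(sql, (pattern,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(sort_keys(db, "id"))        # key is the id itself
    print(sort_keys(db, ORDER_TAIL))  # key is (id AND 8183) for every row
    print(search(db, "%news%", "content"))
```
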